DETAILED ACTION



1. Claims 1-7, 9-11, and 22-27 are pending.



Response to Arguments 



2. Applicant's arguments filed 1/10/2008 regarding claim 22 are moot in view of the 
updated grounds of rejection. Applicant's remaining arguments have been fully 
considered but they are not persuasive. 

3. Applicant argues on pages 7-8 that Kavanagh fails to teach inspecting packets in 
the tunnel to detect firewall session information. Examiner respectfully disagrees. 
Kavanagh teaches inspecting packets in the tunnel to detect firewall session information 
(Kavanagh, paragraph 0013, analyze packets in GTP tunnel using a plurality of filtering 
criteria) by teaching a GTP tunnel (Kavanagh, paragraphs 0013, 0010) that has its 
messages pass through firewalls (Kavanagh, paragraph 0046). The firewalls screen 
and filter the GTP tunnel packets and access information in the packets such as the 
header to determine whether the firewall session should reject the packet (Kavanagh, 
paragraph 0047). Thus, Kavanagh teaches inspecting packets to detect information 
associated with the firewall session. 



Application/Control Number: 10/765,676 
Art Unit: 2134 






Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-7, 9-11, and 22-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Syvanne et al EP 1,317,112 in view of Kavanagh US PGPub
2003/0081607. 

5. With regards to claim 1, Syvanne teaches a method of screening incoming 
packets (Syvanne, paragraph 0012, stateful filtering of packets), comprising: detecting a 
request to establish a connection from a first network to a packet data network 
(Syvanne, paragraph 0019, detects registration of a new mobile entity using SIP, 
paragraph 0029, data connectivity may be based on GTP tunneling protocol); detecting 
establishment of a tunnel, wherein the tunnel has a support node at each end of the 
tunnel (Syvanne, paragraph 0019, detects registration of a new mobile entity using SIP, 
paragraph 0034, GTP tunnel connection between SGSN and GGSN), one of the 
support nodes being a gateway to the packet data network (Syvanne, paragraph 0034, 
GTP tunnel connection between SGSN and GGSN gateways), wherein the tunnel is 
used to convey user traffic and the user traffic through the tunnel can have one or more 
associated firewall sessions on a firewall outside the tunnel (Syvanne, paragraphs 
0033-0034, tunnels used to convey user data from mobile nodes, paragraph 0032, can 
have tunnel connection through firewall 204 and 205); and sending a request to the
firewall to clear the one or more firewall sessions (Syvanne, paragraph 0022, firewall
deletes entries in its entity table, paragraph 0041, receives message from other firewall
and updates/deletes sessions). Syvanne fails to teach detecting a tear down of the 
tunnel. However, Kavanagh teaches detecting a tear down of the tunnel (Kavanagh, 
paragraph 0010, receives Detach Request message and initiates tunnel tear down) and 
inspecting packets in the tunnel to detect firewall session information (Kavanagh, 
paragraph 0013, analyze packets in GTP tunnel using a plurality of filtering criteria,
paragraphs 0046-0047, GTP tunnels pass through firewalls and are filtered). At the time
the invention was made, it would have been obvious to a person of ordinary skill in the 
art to utilize Kavanagh's method of tearing down tunnels with GTP Detach Requests 
because it offers the advantage of reducing malicious attacks because system 
resources are not wasted because all GTP requests require a response (Kavanagh, 
paragraph 0011).

6. With regards to claim 2, Syvanne as modified teaches detecting a tear down of 
the tunnel includes detecting the tear down of a GTP tunnel within the first network 
(Kavanagh, paragraph 0010, receives Detach Request message and initiates tunnel 
tear down, Syvanne, paragraph 0029, data connectivity may be based on GTP 
tunneling protocol). 

7. With regards to claim 3, Syvanne as modified teaches stopping passage of 
packets to the first network originating from the packet data network and associated 
with a firewall session that is not on the firewall session list (Syvanne, paragraph 0037,
restricts connections and packets that are defined as unwanted). 

8. With regards to claim 4, Syvanne as modified teaches dropping packets 
originating from the packet data network and not associated with a firewall session 
identifier on the firewall session list (Syvanne, paragraph 0037, restricts connections 
and packets that are defined as unwanted). 

9. With regards to claim 5, Syvanne as modified teaches detecting the tear down 
of the tunnel includes detecting GTP delete tunnel request and response messages 
(Kavanagh, paragraph 0010, receives Detach Request message and initiates tunnel 
tear down). 

10. With regards to claim 6, Syvanne as modified teaches clearing the one or more 
firewall sessions from a firewall session list (Syvanne, paragraph 0022, firewall deletes 
entries in its entity table). 

11. With regards to claim 7, Syvanne as modified teaches adding a firewall session
to a firewall session list at a time when a new tunnel is created (Syvanne, paragraph 
0038, if the mobile entity is not currently active in any firewall then a new entry is 
added). 

12. With regards to claim 9, Syvanne as modified teaches determining at least one 
of a source address and a destination address of the packets in the tunnel (Kavanagh, 
paragraph 0013, verifies correct source and destination addresses). 

13. With regards to claim 10, Syvanne as modified teaches detecting establishment 
of the tunnel includes determining the one or more firewall sessions associated with the 
tunnel (Syvanne, paragraph 0032, firewalls share data about tunnel firewall sessions
passing through them, paragraph 0038, share data to form second mobile entity table of 
other sessions in other firewalls). 

14. With regards to claim 11, Syvanne teaches detecting establishment of the 
tunnel includes determining two or more firewall sessions associated with the tunnel 
(Syvanne, paragraph 0032, firewalls share data about tunnel firewall sessions passing 
through them, paragraph 0038, share data to form second mobile entity table of other 
sessions in other firewalls). 

15. With regards to claim 22, Syvanne teaches a system for screening incoming 
packets (Syvanne, paragraph 0012, stateful filtering of packets), comprising: a GTP 
firewall having a GTP communication module (Syvanne, paragraph 0034, firewall with 
GTP tunnel communications passing through) and a firewall session list and removing 
inactive firewall sessions from the firewall session list when the tear down engine 
receives the instruction (Syvanne, paragraph 0022, firewall deletes entries in its entity 
table, paragraph 0041, receives message from other firewall and updates/deletes 
sessions). Syvanne fails to teach a firewall tear down engine. However, Kavanagh 
teaches a Gi communication module that is operable to receive an instruction from the 
GTP communication module to tear down a firewall session (Kavanagh, paragraph 
0010, receives Detach Request message and initiates tunnel tear down, paragraph 
0046, detach message passes through firewall). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to utilize Kavanagh's 
method of tearing down tunnels with GTP Detach Requests because it offers the 
advantage of reducing malicious attacks because system resources are not wasted
because all GTP requests require a response (Kavanagh, paragraph 0011).

16. With regards to claim 23, Syvanne as modified teaches the GTP firewall is 
operable to detect a GTP tunnel tear down (Kavanagh, paragraph 0010, receives 
Detach Request message and initiates tunnel tear down). 

17. With regards to claim 24, Syvanne as modified teaches the GTP firewall is
operable to detect a firewall session end (Syvanne, paragraph 0032, connection moved 
from being handled by one firewall to another, paragraph 0022, firewall deletes entries 
in its entity table, paragraph 0041, receives message from other firewall and
updates/deletes sessions). 

18. With regards to claim 25, Syvanne as teaches a GTP firewall includes a Gn 
firewall provided at a Gn interface (Syvanne, paragraph 0034, firewall 305 between 
SGSN and GGSN). 

19. Claims 26-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Syvanne et al EP 1,317,112 and Kavanagh US PGPub 2003/0081607, as applied to 
claim 22 above, and in further view of Gopal et al "User plane Firewall for 3G Mobile 
Network." 

20. With regards to claim 26, Syvanne as modified fails to teach the GTP firewall 
includes a Gp firewall provided at a Gp interface. However, Gopal teaches the GTP 
firewall includes a Gp firewall provided at a Gp interface (Gopal, page 2118, stateful 
firewall at Gp interface). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Gopal's method of providing a
firewall at the Gp interface because it offers the advantage of defending against attacks
that are targeted at the wireless infrastructure (Gopal, page 2118).

21. With regards to claim 27, Syvanne as modified fails to teach the GTP firewall is
located on a device; and the Gi firewall is located on the device. However, Gopal 
teaches the GTP firewall is located on a device; and the Gi firewall is located on the 
device (Gopal, page 2117, column 2, firewall policy at Gi interface). At the time the
invention was made, it would have been obvious to a person of ordinary skill in the art to 
utilize Gopal's method of including a Gi firewall on the device because it offers the 
advantage of reducing the vulnerability of future telecommunications networks to 
attacks while still allowing voice and streaming services for users to pass from the user 
plane (Gopal, page 2117).



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ANDREW L. NALVEN whose telephone number is 
(571)272-3839. The examiner can normally be reached on Monday - Thursday 8-6, 
Alternate Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Andrew L Nalven/ 

Primary Examiner, Art Unit 2134 



